Before Internet and Notes® clients can use client authentication or send signed mail, they must have an Internet certificate. To send encrypted mail using S/MIME, they must have the recipient's Internet certificate.
About this task
You need to complete these steps for Internet and Notes clients who are creating new public and private keys for the Internet certificate. You do not need to complete these steps if you are using a Notes client and the CA issued certificates in the Person document of the Domino® Directory. Notes automatically adds Internet certificates stored in the Person document to the Notes ID file when the user authenticates with the server.
You can also set up Notes clients to use different certificates for signing and encryption. You designate one Internet certificate for authentication and signing, and another for encryption.
Signing an Internet client certificate and adding the certificate to the Domino Directory
When a CA signs an Internet client certificate, the CA adds a digital signature to the certificate and, if you are using a Domino CA, adds the public key to the Domino Directory. If you are using a third-party CA, you must complete additional steps to add the public key to the Domino Directory.
Exporting and importing Internet certificates
Users can use Internet certificates only in the browser in which they requested them. However, you can export Internet certificates from a Person document and make them available to other users. You can also import other users' Internet certificates into Person documents in the Domino Directory, or import and export Internet certificates for use between other Internet applications, such as Microsoft™ Outlook.
Viewing and deleting Internet certificates
When you no longer want an Internet client to use TLS client authentication to access a Domino server, or a Notes client to send S/MIME encrypted mail to a specified recipient, delete the Internet certificate from the Internet client's Person document or the specified recipient's Person document in the Domino Directory.
To obtain an Internet certificate for a Notes client
The procedure that Notes clients follow to request an Internet certificate is the same whether a Domino CA or third-party CA issues the certificates.
Procedure
1. Have users request an Internet certificate.
2. The CA approves the request by signing the certificate, and Domino automatically adds the client's Internet certificate to the user's Person document.
3. Have users merge the Internet certificate into their ID file.
Results
For information on how Notes users request and merge Internet certificates into their ID files, see the HCL Notes Help.
You can also issue Internet certificates for Notes clients in Person documents so that users aren't required to submit Internet certificate requests.
To obtain an Internet certificate for an Internet client from a Domino CA
1. If you are using a Domino server-based certification authority, browse to the Certificate Request application. If you are using a Domino 5 certificate authority, browse to the Domino Certificate Authority application.
3. Enter your name and organizational information. This information will appear on your Internet certificate.
4. Enter any additional contact information that you want to send to the CA.
5. Enter the size for the public and private keys. The larger the number, the stronger the encryption.
6. Click Submit Certificate Request to send the request to the CA.
To obtain an Internet certificate for an Internet client from a third-party CA
The third-party CA determines how you request an Internet certificate. Browse to the third-party CA's site, and enter the certificate request. A dialog box appears that allows you to request the certificate.
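For the dual-certificate setup and the key-size step described above, the following added example (not part of the HCL documentation) shows one way to check an issued certificate's key usage and key size with the `openssl` command line before designating it for signing or for encryption. It assumes the CA separates the two roles through the X.509 keyUsage extension; the certificates, subject values and file names are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example. Certificates, subject values and file names are constructed.

# make_cert <basename> <keyUsage>: write a throwaway self-signed certificate
# restricted to one key usage, standing in for a CA-issued one.
make_cert() {
  cat > "$1.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = Test User
emailAddress = user@example.com
[ext]
keyUsage = critical,$2
extendedKeyUsage = emailProtection,clientAuth
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1.cnf" \
    -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# cert_role <cert.pem>: classify by the X.509 keyUsage extension.
cert_role() {
  local ku
  ku=$(openssl x509 -in "$1" -noout -text | grep -A1 'X509v3 Key Usage' | tail -n 1)
  case "$ku" in
    *"Digital Signature"*"Key Encipherment"*) echo both ;;
    *"Digital Signature"*) echo signing ;;
    *"Key Encipherment"*) echo encryption ;;
    *) echo other ;;  # neither bit set, or no keyUsage extension
  esac
}

# key_bits <cert.pem>: public key size in bits.
key_bits() {
  openssl x509 -in "$1" -noout -text |
    sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

work=$(mktemp -d)
make_cert "$work/sign" digitalSignature
make_cert "$work/encrypt" keyEncipherment
for c in sign encrypt; do
  echo "$c.pem: role=$(cert_role "$work/$c.pem") bits=$(key_bits "$work/$c.pem")"
done
```

A certificate reported as `both` can serve either role; one reported as `other` should be inspected by hand before use.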
Related concepts
Dual Internet certificates for S/MIME encryption and signatures
Related tasks
Signing an Internet client certificate and adding the certificate to the Domino Directory
Issuing Internet certificates in a Person document
Setting up Notes and Internet clients for TLS client authentication
Creating Internet certificates for Notes S/MIME clients